RE: Need Help: Struggling to add Ascend-Data-Filter in Freeradius 0.4
At 04:46 PM 5/28/2002 -0700, Lists wrote: >DEFAULT > Service-Type == Framed-User, > Service-Type == Login-User, > Login-Service == Telnet, > Login-Service == Rlogin, > Login-Service == TCP-Clear, > Login-TCP-Port <= 65536, > Framed-IP-Address == 255.255.255.254, > Framed-IP-Netmask == 255.255.255.255, > Framed-Protocol == PPP, > Framed-Protocol == SLIP, > Framed-Compression == Van-Jacobson-TCP-IP, > Framed-MTU >= 576, > Framed-Filter-ID =~ ".*", > Reply-Message =~ ".*", > Session-Timeout <= 28800, > Idle-Timeout <= 600, > Port-Limit <= 2, > Ascend-Data-Filter += "ip in forward tcp est", No. Use :=. > Ascend-Data-Filter := "ip in forward dstip ip.of.mailbox/32", > Ascend-Data-Filter := "ip in drop tcp dstport = 25", > Ascend-Data-Filter := "ip in forward", > Fall-Through = yes > >what gives? Run a recent version. Earlier versions have known problems that cannot be fixed except by upgrading. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Need Help: Struggling to add Ascend-Data-Filter in Freeradius 0.4
Well, to answer my own question, I should but I am not. I have the following entry in radiusd.conf authorize { preprocess attr_filter sql } attr_filter in turn has this: attr_filter { attrsfile = ${confdir}/attrs } and attrs DEFAULT Service-Type == Framed-User, Service-Type == Login-User, Login-Service == Telnet, Login-Service == Rlogin, Login-Service == TCP-Clear, Login-TCP-Port <= 65536, Framed-IP-Address == 255.255.255.254, Framed-IP-Netmask == 255.255.255.255, Framed-Protocol == PPP, Framed-Protocol == SLIP, Framed-Compression == Van-Jacobson-TCP-IP, Framed-MTU >= 576, Framed-Filter-ID =~ ".*", Reply-Message =~ ".*", Session-Timeout <= 28800, Idle-Timeout <= 600, Port-Limit <= 2, Ascend-Data-Filter += "ip in forward tcp est", Ascend-Data-Filter := "ip in forward dstip ip.of.mailbox/32", Ascend-Data-Filter := "ip in drop tcp dstport = 25", Ascend-Data-Filter := "ip in forward", Fall-Through = yes what gives? >OK it's getting clearer. Now, when I use radtest, should I see those >filters in the output? Cause I am not seeing any. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Chris Parker Sent: Tuesday, May 28, 2002 11:37 AM To: [EMAIL PROTECTED] Subject: Re: Need Help: Struggling to add Ascend-Data-Filter in Freeradius 0.4 At 02:30 PM 5/28/2002 -0400, Alan DeKok wrote: >"Lists" <[EMAIL PROTECTED]> wrote: > > I am running FreeRADIUS 0.4 with PostgreSQL backend, it's been running > > great. I am now required to add Ascend-Data-Filter (s). After reading > > the documentation I came up with the following: > > > > The following in /usr/local/freeradius/etc/raddb/attrs > > > > DEFAULT > > Service-Type == Framed-User, > > Service-Type == Login-User, > > This is wrong. Please read 'man 5 users' for a description of what >'==' does. This is not 'users'. This is 'attrs'. The operators specified were correct for that usage, apart from the Data-Filter ones, which should have been := ( Set Operator ). :) -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Need Help: Struggling to add Ascend-Data-Filter in Freeradius 0.4
OK it's getting clearer. Now, when I use radtest, should I see those filters in the output? Cause I am not seeing any. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Chris Parker Sent: Tuesday, May 28, 2002 11:37 AM To: [EMAIL PROTECTED] Subject: Re: Need Help: Struggling to add Ascend-Data-Filter in Freeradius 0.4 At 02:30 PM 5/28/2002 -0400, Alan DeKok wrote: >"Lists" <[EMAIL PROTECTED]> wrote: > > I am running FreeRADIUS 0.4 with PostgreSQL backend, it's been running > > great. I am now required to add Ascend-Data-Filter (s). After reading > > the documentation I came up with the following: > > > > The following in /usr/local/freeradius/etc/raddb/attrs > > > > DEFAULT > > Service-Type == Framed-User, > > Service-Type == Login-User, > > This is wrong. Please read 'man 5 users' for a description of what >'==' does. This is not 'users'. This is 'attrs'. The operators specified were correct for that usage, apart from the Data-Filter ones, which should have been := ( Set Operator ). :) -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need Help: Struggling to add Ascend-Data-Filter in Freeradius 0.4
Chris Parker <[EMAIL PROTECTED]> wrote: > This is not 'users'. This is 'attrs'. The operators specified were > correct for that usage, apart from the Data-Filter ones, which should > have been := ( Set Operator ). :) Whoops, sorry. I skimmed the message too quickly, I think. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need Help: Struggling to add Ascend-Data-Filter in Freeradius 0.4
At 02:30 PM 5/28/2002 -0400, Alan DeKok wrote: >"Lists" <[EMAIL PROTECTED]> wrote: > > I am running FreeRADIUS 0.4 with PostgreSQL backend, it's been running > > great. I am now required to add Ascend-Data-Filter (s). After reading > > the documentation I came up with the following: > > > > The following in /usr/local/freeradius/etc/raddb/attrs > > > > DEFAULT > > Service-Type == Framed-User, > > Service-Type == Login-User, > > This is wrong. Please read 'man 5 users' for a description of what >'==' does. This is not 'users'. This is 'attrs'. The operators specified were correct for that usage, apart from the Data-Filter ones, which should have been := ( Set Operator ). :) -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need Help: Struggling to add Ascend-Data-Filter in Freeradius 0.4
At 02:16 PM 5/28/2002 -0700, Lists wrote: >I am running FreeRADIUS 0.4 with PostgreSQL backend, it's been running >great. I am now required to add Ascend-Data-Filter (s). After reading >the documentation I came up with the following: > >The following in /usr/local/freeradius/etc/raddb/attrs 8< snip >Ascend-Data-Filter = "ip in forward tcp est", > Ascend-Data-Filter = "ip in forward dstip ip.of.mail.box/32", > Ascend-Data-Filter = "ip in drop tcp dstport = 25", > Ascend-Data-Filter = "ip in forward" > > >but alas, the filters do not get send. What am I missing? := is the operator you want. And you really want to upgrade to the latest release, as there have been changes to the way attrs is parsed and the operators you can use ( two new ones are now available =* and !* ). -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need Help: Struggling to add Ascend-Data-Filter in Freeradius 0.4
"Lists" <[EMAIL PROTECTED]> wrote: > I am running FreeRADIUS 0.4 with PostgreSQL backend, it's been running > great. I am now required to add Ascend-Data-Filter (s). After reading > the documentation I came up with the following: > > The following in /usr/local/freeradius/etc/raddb/attrs > > DEFAULT > Service-Type == Framed-User, > Service-Type == Login-User, This is wrong. Please read 'man 5 users' for a description of what '==' does. > Framed-MTU >= 576, This will NEVER do what you think. The Framed-MTU is an attribute which tells the NAS *exactly* what size MTU to use, and NOT a range. > Ascend-Data-Filter = "ip in forward tcp est", > Ascend-Data-Filter = "ip in forward dstip ip.of.mail.box/32", Use '+=' here, instead of '='. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Need Help: Struggling to add Ascend-Data-Filter in Freeradius 0.4
I am running FreeRADIUS 0.4 with PostgreSQL backend, it's been running great. I am now required to add Ascend-Data-Filter (s). After reading the documentation I came up with the following: The following in /usr/local/freeradius/etc/raddb/attrs DEFAULT Service-Type == Framed-User, Service-Type == Login-User, Login-Service == Telnet, Login-Service == Rlogin, Login-Service == TCP-Clear, Login-TCP-Port <= 65536, Framed-IP-Address == 255.255.255.254, Framed-IP-Netmask == 255.255.255.255, Framed-Protocol == PPP, Framed-Protocol == SLIP, Framed-Compression == Van-Jacobson-TCP-IP, Framed-MTU >= 576, Framed-Filter-ID =~ ".*", Reply-Message =~ ".*", Session-Timeout <= 28800, Idle-Timeout <= 600, Port-Limit <= 2, Ascend-Data-Filter = "ip in forward tcp est", Ascend-Data-Filter = "ip in forward dstip ip.of.mail.box/32", Ascend-Data-Filter = "ip in drop tcp dstport = 25", Ascend-Data-Filter = "ip in forward" And the following in /usr/local/freeradus/etc/raddb/radius.conf authorize { preprocess attr_filter sql # files # counter # attr_filter # eap # suffix # files # mschap } but alas, the filters do not get send. What am I missing? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html